  import java.io.IOException;
  import java.util.Arrays;
  import java.util.Map;

  import javax.security.auth.Subject;
  import javax.security.auth.callback.Callback;
  import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.callback.NameCallback;
  import javax.security.auth.callback.PasswordCallback;
  import javax.security.auth.callback.UnsupportedCallbackException;
  import javax.security.auth.login.LoginException;
  import javax.security.auth.spi.LoginModule;

  // Needed to work with Properties files
  import java.io.FileInputStream;
  import java.io.InputStream;
  import java.util.Properties;
  import java.util.Enumeration;

  // Needed for sha256()
  import java.security.MessageDigest;
  import java.math.BigInteger;
  import java.nio.charset.StandardCharsets;
  import java.security.NoSuchAlgorithmException;
  23.  
  24.  
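  /**
   * JAAS login module that authenticates a user against the salted SHA-256 entries of
   * {@code shadow.properties} and, on commit, publishes the user and its groups as principals.
   *
   * For a user {@code u} the file is read for {@code u.salt}, {@code u.password} (the lower-case
   * hex of {@code sha256(password + salt)}) and, optionally, {@code u.groups} (comma-separated
   * role names).
   *
   * Security notes for maintainers:
   * - A single round of salted SHA-256 is cheap to brute-force if the shadow file leaks. Moving to
   *   a deliberately slow scheme (for example the JDK's PBKDF2WithHmacSHA256) requires re-hashing
   *   every stored entry, so it is flagged here rather than changed silently.
   * - The shadow file is resolved against the JVM working directory; whoever can write there
   *   controls authentication. Restrict its permissions accordingly.
   * - Every failure path denies access: an unreadable file, a missing entry or an empty stored
   *   hash never results in a successful login.
   *
   * @author Nicolas Fränkel
   * @since 2 avr. 2009
   */
  public class PlainLoginModule implements LoginModule {

      /** Credential store; a relative path, so it is looked up in the JVM working directory. */
      private static final String SHADOW_FILE = "shadow.properties";

      /** Message used for every credential failure so the caller cannot tell which check failed. */
      private static final String AUTH_FAILED = "Authentication failed";

      /** Callback handler to store between initialization and authentication. */
      private CallbackHandler handler;

      /** Subject to store. */
      private Subject subject;

      /** Login name; non-null only after a successful {@link #login()}. */
      private String login;

      /** Groups of the authenticated user; set together with {@link #login}. */
      private String[] groups;

      /**
       * Discards the state of this authentication attempt, including any principals that
       * {@link #commit()} may already have added, so that a failed overall authentication leaves
       * nothing behind in the subject. As before, this implementation always returns false.
       *
       * @see javax.security.auth.spi.LoginModule#abort()
       */
      @Override
      public boolean abort() throws LoginException {

          removePrincipals();
          clearState();
          return false;
      }

      /**
       * Adds the user principal and one role principal per group to the subject.
       *
       * @return true when the principals were added; false when {@link #login()} did not succeed
       *         for this module, in which case nothing is added
       * @throws LoginException if the principals cannot be created or added
       * @see javax.security.auth.spi.LoginModule#commit()
       */
      @Override
      public boolean commit() throws LoginException {

          if (login == null) {
              // Without a successful login() there is no identity to publish; adding a
              // principal built from a null name would pollute the subject.
              return false;
          }
          if (subject == null) {
              throw new LoginException("Login module was not initialized");
          }

          try {
              subject.getPrincipals().add(new PlainUserPrincipal(login));

              // one role object for each group listed in shadow.properties
              if (groups != null) {
                  for (String rol : groups) {
                      subject.getPrincipals().add(new PlainRolePrincipal(rol));
                  }
              }
              return true;

          } catch (Exception e) {
              throw asLoginException(e);
          }
      }

      /**
       * Stores the subject and the callback handler. Shared state and options are ignored.
       *
       * @see javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject,
       *      javax.security.auth.callback.CallbackHandler, java.util.Map,
       *      java.util.Map)
       */
      @Override
      public void initialize(Subject aSubject, CallbackHandler aCallbackHandler,
              Map<String, ?> aSharedState, Map<String, ?> aOptions) {

          handler = aCallbackHandler;
          subject = aSubject;
      }

      /**
       * Asks the callback handler for a name and a password and checks them against the shadow
       * file. On success the name and the user's groups are remembered for {@link #commit()} and
       * {@link #logout()}.
       *
       * @return true when the credentials match
       * @throws LoginException if the credentials are missing or wrong, or the handler fails
       * @see javax.security.auth.spi.LoginModule#login()
       */
      @Override
      public boolean login() throws LoginException {

          if (handler == null) {
              throw new LoginException("No CallbackHandler available");
          }

          NameCallback nameCallback = new NameCallback("login");
          // echoOn=false: a console handler must not display the password while it is typed.
          PasswordCallback passwordCallback = new PasswordCallback("password", false);

          try {
              handler.handle(new Callback[] {nameCallback, passwordCallback});
          } catch (IOException e) {
              throw asLoginException(e);
          } catch (UnsupportedCallbackException e) {
              throw asLoginException(e);
          }

          String name = nameCallback.getName();
          char[] secret = passwordCallback.getPassword();
          // getPassword() hands out a copy; wipe the callback's own buffer right away.
          passwordCallback.clearPassword();

          if (name == null || secret == null) {
              throw new LoginException(AUTH_FAILED);
          }

          boolean accepted;
          try {
              // The String copy cannot be wiped; it lives until garbage collected.
              accepted = verifyCredentials(name, String.valueOf(secret));
          } finally {
              Arrays.fill(secret, '\0');
          }

          if (!accepted) {
              throw new LoginException(AUTH_FAILED);
          }

          // Resolve the groups first so login and groups are always set together.
          String[] resolved = getUserGroups(name);
          login = name;
          groups = resolved;
          return true;
      }

      /**
       * Reads the comma-separated {@code <username>.groups} entry of the shadow file.
       *
       * @param username authenticated user name
       * @return the group names, trimmed and without empty entries; an empty array when the
       *         entry is missing or the file cannot be read, so no role is granted by accident
       */
      private String[] getUserGroups(String username) {

          String raw;
          try {
              raw = loadShadow().getProperty(username + ".groups");
          } catch (IOException ex) {
              ex.printStackTrace();
              return new String[0];
          }

          if (raw == null) {
              return new String[0];
          }

          // "".split(",") yields one empty string; such entries must not become role names.
          String[] parts = raw.split(",");
          int kept = 0;
          for (String part : parts) {
              String role = part.trim();
              if (!role.isEmpty()) {
                  parts[kept++] = role;
              }
          }
          return Arrays.copyOf(parts, kept);
      }

      /**
       * Checks a password against the salted hash stored for the user.
       *
       * @param nom user name
       * @param pass_input password as entered
       * @return true only when both shadow entries exist, the stored hash is not empty and it
       *         equals {@code sha256(pass_input + salt)}; false in every other case, including
       *         an unreadable shadow file
       */
      private boolean verifyCredentials(String nom, String pass_input) {

          if (nom == null || pass_input == null) {
              return false;
          }

          Properties shadow;
          try {
              shadow = loadShadow();
          } catch (IOException ex) {
              // Fail closed: never fall through to a comparison against default values.
              ex.printStackTrace();
              return false;
          }

          String salt = shadow.getProperty(nom + ".salt");
          String stored = shadow.getProperty(nom + ".password");
          if (salt == null || stored == null || stored.isEmpty()) {
              return false;
          }

          // MessageDigest.isEqual compares in constant time, so the response time does not
          // reveal how many leading characters of the hash matched.
          byte[] expected = stored.getBytes(StandardCharsets.UTF_8);
          byte[] actual = sha256(pass_input + salt).getBytes(StandardCharsets.UTF_8);
          return MessageDigest.isEqual(expected, actual);
      }

      /**
       * Computes the SHA-256 digest of a string.
       *
       * The input is encoded as UTF-8 so the result does not depend on the platform default
       * charset. Stored hashes of non-ASCII passwords that were produced under a different
       * default charset will no longer match and have to be regenerated.
       *
       * @param s text to hash
       * @return the digest as 64 lower-case hexadecimal characters
       * @throws IllegalStateException if the JVM offers no SHA-256 implementation; an empty
       *         string is deliberately not returned, because it could be mistaken for a hash
       */
      public static String sha256(String s) {

          MessageDigest digest;
          try {
              digest = MessageDigest.getInstance("SHA-256");
          } catch (NoSuchAlgorithmException e) {
              throw new IllegalStateException("SHA-256 is not available", e);
          }

          byte[] hash = digest.digest(s.getBytes(StandardCharsets.UTF_8));

          StringBuilder hex = new StringBuilder(hash.length * 2);
          for (byte b : hash) {
              int value = b & 0xFF;
              if (value < 0x10) {
                  hex.append('0');
              }
              hex.append(Integer.toHexString(value));
          }
          return hex.toString();
      }

      /**
       * Removes the user and role principals from the subject and forgets the login state.
       * Calling it without a previous successful login is a no-op that returns true.
       *
       * @throws LoginException if the principals cannot be removed
       * @see javax.security.auth.spi.LoginModule#logout()
       */
      @Override
      public boolean logout() throws LoginException {

          removePrincipals();
          clearState();
          return true;
      }

      /** Loads the shadow file and always closes it, whether or not loading succeeds. */
      private Properties loadShadow() throws IOException {

          Properties shadow = new Properties();
          try (InputStream in = new FileInputStream(SHADOW_FILE)) {
              shadow.load(in);
          }
          return shadow;
      }

      /** Removes the principals of the remembered login from the subject, if there are any. */
      private void removePrincipals() throws LoginException {

          if (subject == null || login == null) {
              return;
          }

          try {
              // NOTE(review): removal only works if PlainUserPrincipal and PlainRolePrincipal
              // implement equals()/hashCode() on their name - confirm in those classes.
              subject.getPrincipals().remove(new PlainUserPrincipal(login));

              if (groups != null) {
                  for (String rol : groups) {
                      subject.getPrincipals().remove(new PlainRolePrincipal(rol));
                  }
              }
          } catch (Exception e) {
              throw asLoginException(e);
          }
      }

      /** Forgets the identity remembered by login(). */
      private void clearState() {

          login = null;
          groups = null;
      }

      /** Wraps a failure in a LoginException, keeping the original exception as the cause. */
      private static LoginException asLoginException(Exception cause) {

          LoginException wrapped = new LoginException(cause.getMessage());
          wrapped.initCause(cause);
          return wrapped;
      }
  }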